Netgear’s bug bounty program to give $15,000 in rewards

Aritra Sarkhel | ETtech | Updated: January 06, 2017, 20:41 IST

In the wake of serious vulnerabilities which were exposed in Netgear’s routers last year by security researcher Andrew Rollins, the networking company has announced its first bug bounty program.

In partnership with Bugcrowd, Netgear is offering rewards ranging from $150 to $15,000 to bug bounty researchers who find flaws in its routers.

The vendor announced that it will pay $15,000 to any researcher who finds a flaw allowing unauthorized access to Netgear’s cloud storage video filters or to the live video feeds of all Netgear customers, or allowing remote unauthorized access to another customer’s Netgear router.

Other rewards range from $5,000 for retrieving a single customer’s payment information down to $150 for an open redirection.

The vendor also plans to let researchers chain bugs: after reporting individual bugs, hackers can use those reports in a chain submission over the next months. Netgear says in its bug bounty post that “If you report an unique chain vulnerability, with a minimum of 3 bugs, in addition to the cash reward for each individual bug in the chain, NETGEAR will apply a "Chain Bonus" for the bug that results from the chain.”

Manish Bhattacharya, security consultant for SynapsePay (a US-based FinTech startup) and part-time bug bounty hunter, is very upbeat about Netgear’s decision. “I think it is a great move by Netgear, these days most of the companies have their bug bounty programs.”

Manish pointed out that even though companies like Google, Facebook, Twitter and Snapchat can afford the best security engineers, they still run bug bounty programs. “A 1000+ extra pairs of eyes always help, when it comes to security. It's a win-win for both, companies get their issue fixed at per bug rate (way cheaper than hiring a full time security engineer) and bug bounty hunter gets paid in USD along with acknowledgement.”

Earlier last year, reports of Netgear’s routers being vulnerable were brought to light by security researcher Rollins.

A Wired report on the issue pointed out that some of the more popular Netgear router models on Amazon, including the R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000, had been affected, and that the vendor eventually released beta patches for certain router models.